IoCs - DPRK Threat Intelligence | lazarus.day

IoCs

210 IoCs

Type	Value	First Seen	Last Seen
YARA	NK_GOLDBACKDOOR_inital_shellcode	2022-04-21	2022-04-21
YARA	NK_GOLDBACKDOOR_obf_payload	2022-04-21	2022-04-21
YARA	NK_GOLDBACKDOOR_LNK_payload	2022-04-21	2022-04-21
YARA	NK_GOLDBACKDOOR_LNK	2022-04-21	2022-04-21
YARA	UC_ttp_BlackMatter__SafeBoot	2021-11-26	2021-11-26
YARA	UC_ttp_BlackMatter__RegKeys	2021-11-26	2021-11-26
YARA	Scarcruft_RUBY_Shellcode_XOR_Ro…	2021-07-14	2021-07-14
YARA	Scarcruft_Reverse_BS64_Loader	2021-07-14	2021-07-14
YARA	LazarusCampaign_Payload_Jun2021	2021-07-06	2021-07-06
YARA	LazarusCampaign_MacroDoc_Jun2021	2021-07-06	2021-07-06
YARA	HvS_APT37_webshell_controllers_…	2020-12-15	2020-12-15
YARA	HvS_APT37_mimikatz_loader_DF012	2020-12-15	2020-12-15
YARA	HvS_APT37_webshell_img_thumbs_a…	2020-12-15	2020-12-15
YARA	HvS_APT37_RAT_loader	2020-12-15	2020-12-15
YARA	HvS_APT37_cred_tool	2020-12-15	2020-12-15

NK_GOLDBACKDOOR_inital_shellcode

YARA

First seen: 2022-04-21 • Last seen: 2022-04-21

NK_GOLDBACKDOOR_obf_payload

YARA

First seen: 2022-04-21 • Last seen: 2022-04-21

NK_GOLDBACKDOOR_LNK_payload

YARA

First seen: 2022-04-21 • Last seen: 2022-04-21

NK_GOLDBACKDOOR_LNK

YARA

First seen: 2022-04-21 • Last seen: 2022-04-21

UC_ttp_BlackMatter__SafeBoot

YARA

First seen: 2021-11-26 • Last seen: 2021-11-26

UC_ttp_BlackMatter__RegKeys

YARA

First seen: 2021-11-26 • Last seen: 2021-11-26

Scarcruft_RUBY_Shellcode_XOR_Routine

YARA

First seen: 2021-07-14 • Last seen: 2021-07-14

Scarcruft_Reverse_BS64_Loader

YARA

First seen: 2021-07-14 • Last seen: 2021-07-14

LazarusCampaign_Payload_Jun2021

YARA

First seen: 2021-07-06 • Last seen: 2021-07-06

LazarusCampaign_MacroDoc_Jun2021

YARA

First seen: 2021-07-06 • Last seen: 2021-07-06

HvS_APT37_webshell_controllers_asp

YARA

First seen: 2020-12-15 • Last seen: 2020-12-15

HvS_APT37_mimikatz_loader_DF012

YARA

First seen: 2020-12-15 • Last seen: 2020-12-15

HvS_APT37_webshell_img_thumbs_asp

YARA

First seen: 2020-12-15 • Last seen: 2020-12-15

HvS_APT37_RAT_loader

YARA

First seen: 2020-12-15 • Last seen: 2020-12-15

HvS_APT37_cred_tool

YARA

First seen: 2020-12-15 • Last seen: 2020-12-15

NK_GOLDBACKDOOR_inital_shellcode

YARA

First seen: Apr 2022

Last seen: Apr 2022

NK_GOLDBACKDOOR_obf_payload

YARA

First seen: Apr 2022

Last seen: Apr 2022

NK_GOLDBACKDOOR_LNK_payload

YARA

First seen: Apr 2022

Last seen: Apr 2022

NK_GOLDBACKDOOR_LNK

YARA

First seen: Apr 2022

Last seen: Apr 2022

UC_ttp_BlackMatter__SafeBoot

YARA

First seen: Nov 2021

Last seen: Nov 2021

UC_ttp_BlackMatter__RegKeys

YARA

First seen: Nov 2021

Last seen: Nov 2021

Scarcruft_RUBY_Shellcode_XOR_Routine

YARA

First seen: Jul 2021

Last seen: Jul 2021

Scarcruft_Reverse_BS64_Loader

YARA

First seen: Jul 2021

Last seen: Jul 2021

LazarusCampaign_Payload_Jun2021

YARA

First seen: Jul 2021

Last seen: Jul 2021

LazarusCampaign_MacroDoc_Jun2021

YARA

First seen: Jul 2021

Last seen: Jul 2021

HvS_APT37_webshell_controllers_asp

YARA

First seen: Dec 2020

Last seen: Dec 2020

HvS_APT37_mimikatz_loader_DF012

YARA

First seen: Dec 2020

Last seen: Dec 2020

HvS_APT37_webshell_img_thumbs_asp

YARA

First seen: Dec 2020

Last seen: Dec 2020

HvS_APT37_RAT_loader

YARA

First seen: Dec 2020

Last seen: Dec 2020

HvS_APT37_cred_tool

YARA

First seen: Dec 2020

Last seen: Dec 2020

1
«
8
9
10
11
12
»
14

⚠ These IoCs were automatically extracted using regular expressions or an LLM and may include non-malicious data.